New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Authentication Middleware using Wordpress #982
Comments
Once you load the required require('path_to_wordpress_installation/wp-load.php'); file, you should only have to add a global $current_user; line. Then you can use the $current_user->ID to do a curl out to the API, something like this: //Get User Info $url = "http://IP_or_URL/CRUDAPI.php/records/users?filter=id,eq," . $current_user->ID; $ch = curl_init($url); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $json = curl_exec($ch); $user = json_decode($json, true); |
@pottertech thanks for your reply, but I'm not trying to fetch a user from php-crud-api with the same ID as the wordpress user, I've got it partially working by modifying the DBAuth middleware, but I want to write a proper middleware for it, which I might be able to do by myself, but it's going to take some more time 😆 |
Good idea you have. I provided my code in hopes that it helps someone a little. Now that @mevdschee has tagged it as an enhancement, I am sure between it will get done and function well. |
Yep, I'm almost flabbergasted that it isn't done already 🤪 Jokes aside, @mevdschee do you expect me to prepare a PR? I don't have any estimate for how long it would take and I don't have a proper php dev setup. |
Ok.. I'll start now.. time me.. ;-) |
Stop the timer (<30 min)! The lines with bad indentation are added to make it work:
We could put this into a middleware of some kind. @nkappler I think Wordpress should verify the password, not our middleware. We only need to read the (session) cookie. @pottertech I feel your approach should be implemented as a WordPress plugin, which would be nice-to-have. |
Okay.. @nkappler and @pottertech WpAuthMiddleware is added to the main branch.. It supports:
It doesn't support:
Enable it as 'wpAuth' middleware, with config parameters:
In the authorization middleware you can use functions:
Play with it and let me know how you like it.. :-) |
Works like a charm, thank you ❤️
Clues condense that you are, in fact, a robot 😀 One final remark: And the I've made a few suggestions here: 8a424fe |
@nkappler Thank you for your review and your kind words. I'll merge your suggestions and release a new version with updated README. I do need one or two days as I'm a bit busy with some other things. |
Take your time and thanks a lot. |
Released in v2.14.23 |
Hi @mevdschee,
I'm currently trying to marry your api to the wordpress user session.
Unfortunately it is not as easy as pointing the api to the 'users' table, because WP uses neither the standard $_SESSION variable, nor standard password encryption (it uses some custom salt and appends an ID or something...)
So far I was able to write a custom script which checks if a wordpress session is available and which can verify a password from the database:
I'd like to write a middleware similar to DBAuth and I would be happy to file a PR but I am not very good at php and I don't know where to start.
Any help is appreciated 🙂
The text was updated successfully, but these errors were encountered: